SciLinux: Important: ghostscript on SL7.x x86_64

    Date: 16 Oct 2018
    Posted By: Anthony Pell
    Synopsis:          Important: ghostscript security update
    Advisory ID:       SLSA-2018:2918-1
    Issue Date:        2018-10-16
    CVE Numbers:       CVE-2018-10194
                       CVE-2018-16509
                       CVE-2018-15910
                       CVE-2018-16542
    --
    
    Security Fix(es):
    
    * It was discovered that the ghostscript /invalidaccess checks fail under
    certain conditions. An attacker could possibly exploit this to bypass the
    -dSAFER protection and, for example, execute arbitrary shell commands
    via a specially crafted PostScript document. (CVE-2018-16509)
    
    * ghostscript: LockDistillerParams type confusion (699656)
    (CVE-2018-15910)
    
    * ghostscript: .definemodifiedfont memory corruption if /typecheck is
    handled (699668) (CVE-2018-16542)
    
    * ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix
    function in gdevpdts.c (CVE-2018-10194)
    --
    
    SL7
      x86_64
        ghostscript-9.07-29.el7_5.2.i686.rpm
        ghostscript-9.07-29.el7_5.2.x86_64.rpm
        ghostscript-cups-9.07-29.el7_5.2.x86_64.rpm
        ghostscript-debuginfo-9.07-29.el7_5.2.i686.rpm
        ghostscript-debuginfo-9.07-29.el7_5.2.x86_64.rpm
        ghostscript-devel-9.07-29.el7_5.2.i686.rpm
        ghostscript-devel-9.07-29.el7_5.2.x86_64.rpm
        ghostscript-gtk-9.07-29.el7_5.2.x86_64.rpm
        ghostscript-9.07-29.el7_5.2.src.rpm
      noarch
        ghostscript-doc-9.07-29.el7_5.2.noarch.rpm
    
    - Scientific Linux Development Team
    